After you obtain a SAML token from the vCenter Single Sign-On server, you can use the vSphere Web Services API method LoginByToken to establish a single sign-on session with a vCenter Server. See vCenter Single Sign-On Client Example (JAX-WS) for an example of obtaining a vCenter Single Sign-On token.
At the beginning of a vCenter Single Sign-On session, your client is responsible for the following tasks:
- Insert the vCenter Single Sign-On token and a timestamp into the SOAP header of the LoginByToken message.
- Maintain the vCenter Server session cookie. During the login sequence, the server produces an HTTP session cookie to support the persistent connection. Your client must save this cookie and re-introduce it at the appropriate times.
- If at a later time your client invokes the LoginByToken method, or other login method, the Server issues a new session cookie in response. You must have a cookie handler in place to save the cookie for subsequent requests.
The example program uses these general steps:
- Call the RetrieveServiceContent method. The method establishes the connection with the vCenter Server and provides access to the SessionManager managed object.
- Call the LoginByToken method to authenticate the vCenter session. To send the token to the vCenter Server, the client uses a handler to embed the token and a time stamp in the SOAP header for the message. The client uses an HTTP header handler method to extract the cookie from the vCenter Server response.
- Restore the session cookie for future requests. To identify the session started with the LoginByToken method, the client uses a handler to embed the session cookie in the HTTP header.